Does Traffic Lights have any unpatched vulnerabilities?

No. All known vulnerabilities in Traffic Lights have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Traffic Lights compatible with WordPress 5.6.17?

According to WordPress.org data, Traffic Lights 1.02 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

How often is Traffic Lights updated?

Traffic Lights was last updated on Feb 5, 2021. Frequent updates are generally a positive security signal.

What is Traffic Lights's security score?

Traffic Lights has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Traffic Lights Security & Risk Analysis

wordpress.org/plugins/traffic-lights

A plugin which shows a simply traffic light to show some status to visitors.

70 active installs v1.02 PHP + WP 3.0+ Updated Feb 5, 2021

lightsstatustraffic

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Traffic Lights Safe to Use in 2026?

Generally Safe

Score 85/100

Traffic Lights has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The "traffic-lights" plugin v1.02 appears to have a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL queries without prepared statements, and external HTTP requests are positive indicators. The plugin also demonstrates good practice by performing capability checks on its entry points. The lack of any recorded vulnerabilities in its history further suggests a stable and relatively secure codebase over time.

However, there are a few areas of concern. The most significant is the very low percentage of properly escaped output (14%). This means that a substantial portion of data output by the plugin might be vulnerable to Cross-Site Scripting (XSS) attacks, especially if user-supplied data is involved in these outputs. While the taint analysis showed no unsanitized paths, this could be due to the limited number of flows analyzed or a lack of complex data manipulation. The absence of nonce checks, while not directly tied to an identified vulnerability, is a missed opportunity to further harden the plugin against CSRF attacks, particularly for its entry points.

Key Concerns

Low output escaping percentage
No nonce checks on entry points

Vulnerabilities

None known

Traffic Lights Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Traffic Lights Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

14% escaped14 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

draw_traffic_light (draw-traffic-lights.php:34)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Traffic Lights Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[trafficlights] traffic-lights.php:67

[traffic-lights] traffic-lights.php:68

WordPress Hooks 2

actionwidgets_inittraffic-lights.php:48

actionwp_dashboard_setuptraffic-lights.php:66

Maintenance & Trust

Traffic Lights Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedFeb 5, 2021

PHP min version

Downloads3K

Community Trust

Rating60/100

Number of ratings2

Active installs70

Alternatives

Traffic Lights Alternatives

Visitor Traffic Real Time Statistics

visitors-traffic-real-time-statistics

This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.

40K 7 CVEs

Custom Order Status Manager for WooCommerce

bp-custom-order-status-for-woocommerce

100

Custom Order Status Manager for WooCommerce plugin allows you to create, delete and edit order statuses to better control the flow of your orders.

30K No CVEs

Custom Order Status for WooCommerce

custom-order-statuses-woocommerce

100

Custom Order Status for WooCommerce allows you to create and manage order statuses. It improves order management & overall order workflow.

10K 1 CVE

WPCargo Track & Trace

wpcargo

WPCargo is a track & trace system for courier, courier script, parcel, balikbayan system, shipment and transportation management system, ideal sol …

10K 3 unpatched

WPS Visitor Counter

wps-visitor-counter

Display website visitor statistics with widget, shortcode, and Gutenberg block support.

10K 1 unpatched

Developer Profile

Traffic Lights Developer Profile

theode

11 plugins · 220 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Traffic Lights

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/traffic-lights/bilder/red.png/wp-content/plugins/traffic-lights/bilder/red-off.png/wp-content/plugins/traffic-lights/bilder/yellow.png/wp-content/plugins/traffic-lights/bilder/yellow-off.png/wp-content/plugins/traffic-lights/bilder/green.png/wp-content/plugins/traffic-lights/bilder/green-off.png

HTML / DOM Fingerprints

Data Attributes

data-ampel

Shortcode Output

<div style="line-height:0px;padding:0;text-decoration:none;"><img src="" /><br /><img src="

FAQ